Exchange 2007 SP1 Certificate generated with Ex PS, refuses to install cert
I followed the directions in Technet to generate a certificate request. I went to Go Daddy adn re-keyed my cert based on this newly generated file. I downloaded the cert zip file, andextracted it. When I try to install it, I get the following: "Import-ExchangeCertificate : The import file name MyFile.crt was not found or was not accessible." I am running the command from the directory where the certificate is, so it shouldn't be a path issue. I already installed the included Go Daddy Intermediate Certificate. On the crt file, I have UnBlocked it, taken ownership with the Exchange service account and given it full rights. But I can't get any farther than this - still get the same error message. ANyone have the magic decoder ring to figure out how to fix this? Goggle searches turned up nothing helpful.
August 14th, 2008 10:09pm

What is the command line that you used to import the certificate? "Exchange service account?" E2K7 does not need a service account.
Free Windows Admin Tool Kit Click here and download it now
August 14th, 2008 10:29pm

It does use a "service account" with Blackberry Enterprise Server and BackupExec, but that is beside the point - it also fails with the same error when logged in as the Enterprise Admin. I used the following command (italics are obfuscated, but should be obvious) to generat the cert request: New-ExchangeCertificate -GenerateRequest -Path c:\CRS_File.csr -KeySize 1024 -SubjectName "c=US, s=Texas, l=College Station, o=Texas A&M University, ou=TEES, cn=FQDN" -PrivateKeyExportable $True I used the IIS option on Go Daddy to re-key based on the output file from the above command. The output file did have a blank line between the last line of the text to generate the key and the "-----END NEW CERTIFICATE REQUEST-----" line which wasn't accepted as valid until I removed the blank line.
August 14th, 2008 10:46pm

Slaps forehead! Sorry, you wanted the import command: [PS] C:\certs>Import-ExchangeCertificate -Path c:\cert\CertFileFromGoDaddy.crt -friendlyname "FQDN"Import-ExchangeCertificate : The import file name c:\cert\CertFileFromGoDaddy.crt was not found or was not accessible.Parameter name: PathAt line:1 char:27+ Import-ExchangeCertificate <<<< -Path c:\cert\CertFileFromGoDaddy.crt -friendlyname "FQDN.edu"
Free Windows Admin Tool Kit Click here and download it now
August 14th, 2008 10:53pm

FYI - this is a re-key for a previously used SSL cert and ia a Go Daddy "Standard SSL" certificate. It only has a single host name associated with it. THat shouldn't be a problem, or is a different kind of certificate required? I removed the Exchange install generated certificate to replace it with this one. Does that create a problem?
August 15th, 2008 7:17pm

Hi, First the certificate file should be in pfx , or p7b file but not cert file. Please ensure that the certificate has been installed properly. You can check the certificate status from MMC with Certificate snap-in. 1. Run MMC from a command prompt. 2. Click on file on the toolbar and select Add/Remove snap in 3. In the Standalone tab, click on Add-Certificates-Computer account-Local computer. 4. Click Finish and Ok. 5. Expand Certificates-Personal-Certificate. 6. In the right result pane, please find the certificate that you import and double click on it. 7. From the General pane, please ensure that the certificate has been correctly issued. Besides, please check event viewer to get related error event and post here for further troubleshooting. Note: Please run eventvwr to open event viewer. Import-ExchangeCertificate http://technet.microsoft.com/en-us/library/bb124424(EXCHG.80).aspx Hope it helps. Xiu
Free Windows Admin Tool Kit Click here and download it now
August 18th, 2008 8:54am

OK, using the same basic command line, but moving the cert to the root of C: where the CSR was saved when creating the requestand using that path to import from, allowed me to import the certificate. So, apparently the path statement does *nothing*!
August 18th, 2008 4:50pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics